package org.lib.authservice;

import org.springframework.context.annotation.Configuration;
import org.springframework.security.config.annotation.web.builders.HttpSecurity;
import org.springframework.security.oauth2.config.annotation.web.configuration.ResourceServerConfigurerAdapter;

/**
 * 资源服务器配置
 * @author ben
 * @date 2021-10-22 15:39:40 CST
 */
@Configuration
public class ResourceServerConfig extends ResourceServerConfigurerAdapter {
	
	@Override
	public void configure(HttpSecurity http) throws Exception {
		// 启用 授权服务 后，接口无法访问，，在此配置后可以了，无需验证
		http.authorizeRequests()
			.antMatchers("/actuator/**").permitAll()
			// 用户管理接口：临时
			.antMatchers("/user/**").permitAll()
			.anyRequest().authenticated();
	}
	
}
